1745853 Members
4258 Online
108723 Solutions
New Discussion юеВ

Re: HPUNIX RBAC

 
cbecdrchennai
Occasional Contributor

HPUNIX RBAC

Hi Experts,

In our environment we have 3 different applications team with more than 10 users per team. This team requires root access to run application commands and to edit certain configuration files and directories.

Apart from ACL and sudo Is it possible this can be achieved in HPUNIX RBAC, if yes please let me know the procedure to achieve this,.

Please suggest.

Thanks in advance.
4 REPLIES 4
Wim Rombauts
Honored Contributor

Re: HPUNIX RBAC

RBAC allows you to grant selected root-privileges to non-root users.
So, you can grant a group of users selective root access, but remember that this is stillroot access, meaning : There actions can severiliy impact the two other teams.

I think that what you can do with RBAC, is somewhat the same as what you can do with sudo : Allow regular users to do a few things as root. Althoug permission filtering is on another level.

Another option - if you are running HP-UX 11i v3 - is SRP. These creates some virtual subsystem within your server. You can grant root access to a team, which will only alow them to be root in there resource partition.

SRP comes very close to virtualization, but het HP-UX itself is the hypervisor and you don't need to install (and manage) yet another OS to run an application. You run the application directly on the hypervisor : HP-UX.
Pete Randall
Outstanding Contributor

Re: HPUNIX RBAC

What application commands have to be run as root? And why can't any necessary configuration files and directories be handled with regular permissions? Without limited knowledge about what you're trying to accomplish, I would have to say that you need to take a long hard look at your requirements and how things are implemented.


Pete

Pete
Emil Velez
Honored Contributor

Re: HPUNIX RBAC

enclosed is a example

cbecdrchennai
Occasional Contributor

Re: HPUNIX RBAC

Thanks for the information provided.